CVE-2025-3224

HIGH EPSS 10.9%

Published Apr 28, 20251y ago · Modified Jun 17, 20261w ago

7.3 CVSS 4.0

High

Published Apr 28, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.

CVSS Details

Base Score

7.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity High

Privileges Required Low

User Interaction A

Scope X

Threat Intelligence

EPSS Exploit Probability

10.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-269 Improper Privilege Management Authorization

CWE-59

Affected Products 1

Vendor	Product	Version	Range
docker	desktop	*	<4.41.0

References 1

zerodayinitiative.com https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks

Technical Description

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.